There’s yet another update to the troubling case of Spyros Panos, who had been charged with stealing another physician’s identity to continue on his fraudulent way after losing his medical license for other crimes. A post on this site in 2018 provides some of the background and history. On October 30, the Southern District of…
Category: U.S.
Mercy Iowa City notifies 92,795 after discovering employee’s email account compromised
It started as so many breaches do — with the compromise of an employee’s email account. From May 15 until June 24, a threat actor accessed the account and used it to send spam and phishing emails. The breach was discovered on June 24. Mercy Iowa City’s investigation, assisted by a forensics security firm. ultimately…
Cold storage giant Americold hit by cyberattack, services impacted
Lawrence Abrams reports: Cold storage giant Americold is currently dealing with a cyberattack impacting their operations, including phone systems, email, inventory management, and order fulfillment. Americold is a leading temperature-controlled warehouses operator who offers supply-chain services and inventory management for retailers, food service providers, and producers. Americold manages 183 warehouses worldwide and has approximately 13,000 employees….
American Bank Systems hit by ransomware attack, full 53 GB data dump leaked
Ax Sharma reports: American Bank Systems (ABS), a company that provides services to U.S. financial institutions and banks helping them “operate efficiently and confidently in a rapidly evolving – highly regulated – environment” has been hit by a ransomware attack this month. Avaddon, the ransomware group behind the attack had earlier alleged they had acquired over…
Correction and Update: Mount Locker team denies responsibility for Sonoma Valley Hospital attack
On November 9, DataBreaches.net published “Without Undue Delay” which catalogued health sector ransomware attacks where attackers had dumped patient data as part of an attempt to pressure their victims into paying ransom. That report was a companion to a post arguing that patients need to be notified sooner of ransomware dumps than HIPAA’s 60-day window…
Hosting Provider Exposed 63M Records incl. WP & Magento
I missed this report from Jeremiah Fowler the other day: On October 5th I discovered a non-password protected database that contained a large amount of monitoring and system logs. There were records indicating data backups, monitoring, error logging, and more. Upon further research, the database appeared to belong to the Texas-based cloud application hosting provider,…